In the second issue of Hakin9 OnDemand in 2013 we will provide you with plenty of information on Cybersecurity and the safety of the Internet-Based World. The newest issue of Hakin9 OnDemand is divided into a few sections. The first one, Burning issue – megaupload.com, is devoted to Kim Dotcom. In this section one can find two articles, presenting two sides of a coin on this burning issue. In the next section, Attack, Hakin9 OnDemand will teach you about insider threat to cybersecurity. Thus, you will be able to control and mitigate all the threats in your organization. Furthermore, you will find out how to sharpen your hacking skills at home. This article will examine the Digital Dojo: the hacker’s home lab, the tools of the trade, and the various avenues available which may aid in growing the craft during off-hours at home. In this section you will also find the story of a successful well-planned attack. After reading this article you will definitely know what steps could have been taken to recognize and nullify or avoid these exploits. The last section of this month’s issue is entitled Plus. Here you will find an interview with William F. Slater, III in which he discusses his story with Hakin9 magazine. In the same section you can find a press release by Digital Shield.
The Rise and Fall of Megaupload.com and Kim Dotcom, and the Possible Implications for the Internet-based World of Piracy and Theft of Intellectual Property
By William F. Slater, III
In January 2012 the U.S. Government took down the Megaupload.com website and then quickly filed charges against the owner, Kim Dotcom, and his colleagues for alleged “copyright infringement, conspiracy to commit money laundering, racketeering, rewarding users who uploaded pirated content for sharing, and turning a blind eye to requests from copyright holders to remove copyright-protected files.” Kim Dotcom and his colleagues were arrested a few hours later in New Zealand and await extradition to the U.S. to be tried for these charges.
Kim Dotcom’s Letter to Hollywood
By Kim Dotcom
The Internet frightens you. But history has taught us that the greatest innovations were built on rejections. The VCR frightened you, but it ended up making billions of dollars in video sales. You get so comfortable with your ways of doing business that any change is perceived as a threat. The problem is, we as a society don’t have a choice: The law of human nature is to communicate more efficiently. And the economic benefits of high-speed Internet and unlimited cloud storage are so great that we need to plan for the day when the transfer of terabytes of data will be measured in seconds.
Insider Threat to Cybersecurity – Fighting the Enemy Within
by Arun Chauhan
This article explains Insider Threats to cyber security in an organisation, with real life case examples. The author is of the opinion that organisations have a tendency to lay more emphasis on securing their perimeters and take the insider threat lightly. Further, the author believes that processes which we implement in our organisation have a more important role to play than technology in safeguarding from insider threats and recommends certain common guidelines / controls for mitigating this threat.
Cybersecurity Constantly Under Attack
by RIFEC – Research Institute of Forensic and E-Crimes – Massimiliano Sembiante
Cyber-security, crime, terrorism, attacks, wars, these and other “cyber categories” continue to be used more or less indiscriminately in many areas. This is partly attributed to the fact that the industry is evolving rapidly as well as because of the complexity resulting from the combination of information technology and communications (Information and Communication Technology, ICT) with other systems essential for sustainability of the key features of modern societies (the so-called critical infrastructures).
Hacking Humans: The Story of a Successful Well-planned Social Engineering Attack
by William F. Slater, III
This paper will review an actual incident related to a social engineering exploit, why this exploit was effective, and what steps could have been taken to recognize and nullify or avoid these exploits. The exploit that will be described involves authority, pretexting, and deception, resulting in psychological manipulation. The exploit had serious consequences, both in my personal and professional life. The exploit was short-lived, occurring in August 2008, but very likely damaged my career and reputation at Gehenomsoft where I was employed at the time. In addition, this exploit quickly escalated to a criminal assault against me, and though the case was never resolved, it was a very traumatic experience.
The Digital Dojo: Sharpening Your Hacking Skills At Home
By: Terrance Stachowski and Michael Simbre
Ask any skilled hacker or penetration tester how they became proficient at their craft and they will likely tell you that they have spent an unbelievable amount of solitary hours hammering away at a keyboard to hone their hacking skills. Serious hackers and penetration testers might be largely self-taught, studied for security or networking certifications, pursued an IT security degree, or found guidance under a patient and experienced mentor, but one thing almost every one of them will have in common – especially if they are trying to remain proficient – is that they are continuously learning, expanding their knowledge, and practicing to keep their skills sharp.
Social Engineering: The Single Greatest Threat to Organizational Security
by Terrance J. Stachowski, CISSP, L|PT
Security planning is an onerous, complex and continual process, largely because there exist two factions which are continually at ends with one another. Security professionals work to erect walls which provide security to an organization’s data, networks, and personnel – whereas the opposition is continually developing ways to go over, under, around or through security barriers. One major problem with many security plans is that most organizations focus exclusively on technical countermeasures, but the weakest link in security, the human element, is often overlooked. Attackers are aware of this deficiency, and use an unethical approach known as “social engineering” to exploit this weakness. This paper examines how social engineering attacks take advantage of normal human behavior and demonstrates the real and present threat that this type of dishonest attack poses.
Interview with William F. Slater, III
By Ewa Duranc
I was inspired to write it because I knew that applying the concepts described in the article would help make cyberspace a little safer. The article explains how using a well-designed security compliance framework can help an organization defend against the perils of cyberattacks and cyberwarfare. As far as I know, no one has yet been bold or knowledgeable enough to take the time to write such an article for the general public. Note that I did not receive any academic credit or even any compensation for writing this article.
Digital Shield Summit – Press Release
Monday, February 18, 2013; Dubai: Ideanomics today officially announced the Emirates Identity Authority’s involvement with Digital Shield Summit 2013. H.E. Dr. Eng. Ali Mohamed Al Khouri, Emirates ID Director General, will be the Chief Guest of Honour and will be inaugurating the summit to be held on the 21st and 22nd of April in Abu Dhabi, United Arab Emirates.